Microsoft offers email encryption from the desktop

Microsoft announced the general availability of its Office 365 Message Encryption service that lets users send and receive encrypted email directly from their desktops, helping protect confidential information such as health care records or legal agreements.

Office 365 Message Encryption lets IT managers set the rules for when emails are encrypted, using either a graphical user interface or PowerShell. According to Microsoft, the encryption process is transparent to the user, and the encrypted email is "delivered directly to [the] recipient's inbox and not to a Web service." In addition, the company said the service "eliminates the need for certificate maintenance."

Microsoft's Q&A on Office 365 Message Encryption explains that the service uses five security elements. It uses the Secure/Multipurpose Internet Mail Extensions (S/MIME) standard, which generates client-side encryption keys, although Microsoft spares organizations the trouble of setting up S/MIME themselves. It uses the Transport Layer Security (TLS) protocol that's typically used for Internet transactions, as well as Secure Sockets Layer encryption. Microsoft's own Information Rights Management service is used to prevent information designated as sensitive from being "printed, forwarded or copied." It also includes Microsoft's BitLocker hard-drive encryption technology.

The service is available at no additional cost via Office 365 E3 and E4 subscription plans, or it's available via a Windows Azure Rights Management subscription at $2 per user per month.

Microsoft describes Office 365 Message Encryption as an enhancement to its Exchange Hosted Encryption service, and users of that service will get upgraded to the new service sometime this quarter. Organizations using Exchange Hosted Encryption will get a notice about four weeks before the upgrade, according to Microsoft's upgrade page.

The Office 365 Message Encryption service is also available for Exchange Server 2013 users. The service is accessed either through Microsoft's recently updated Exchange Online Protection service or "by using hybrid mail-flow," according to Microsoft's announcement.

A longer version of this article originally appeared on Redmondmag, an 1105 Media site.